Read more as we talk with our team on the ground at this year’s RSAC. ePlus Lead Security Engineer Jason Nelson attended sessions, and Marc Cohen, ePlus Solutions Director, walked the floor, saw the demos and talked the talk!
Can you tell us about some of the themes you saw emerge at the show this year?
Jason: There were a handful of themes that were hot topics. There was definitely a sense of uncertainty around the concept of trust, and the “Zero Trust Model” was a pretty prevalent topic across the conference. Risk Management was another popular theme, specifically around controlling for third-party risk in light of a number of breaches. The transformation of the traditional perimeter is evolving and transforming – and while I don’t think it is going away – I do think there was a lot of talk around bridging the gap between where businesses need to go and how security teams can work in partnership to help them securely get there. This includes the need to have discussions around whether, when and how to securely introduce automation to help solve business problems.
As access points to data increase – the challenges facing security departments increase as well – and there needs to be harmony between enabling business flexibility and organizational data security.
Marc: I felt like there was a lot less buzzword bingo on the floor this year. I instead felt like the industry was finally focusing on real-world observations of adversarial behavior and addressing the challenges head-on. One example of this was the prevalence of the MITRE ATT&CK framework throughout the conference. While this has long been “the book of knowledge” on threat modeling, its utilization has only really started growing over the past year. More people are familiar with the tool, and how to utilize it for the benefit of their individual security programs.
What was the vibe like at the show?
Jason: There was a lot of innovation and a lot more discussion around practical solutions to common problems. There was also a lot of recognition around the need for security teams to work in lockstep with other business areas to help advance business agility in a secure manner, where security is a true partner to the business and not a hindrance to flexibility.
Marc: This year’s RSAC theme was “Better,” and I thought it really was. I felt like this was the most productive RSA I have had in recent history. As always, I went in with a shortlist of emerging technologies and companies I wanted to get a deeper dive on, including organizations focusing on container security, mailbox vs. gateway security, secure software development, segmentation and cloud policy. Being able to compare and contrast similar solutions almost side-by-side, in some cases with the product development teams, was invaluable.
You mention Risk Management as a common theme. How can organizations help defend against third-party risk?
Jason: Security Risk Management is one of those areas that illustrates the importance of security teams and their business peers being in lockstep. Many of the most well-known security breaches have been accomplished via compromising a third-party data source. It always surprises me how often third-party risk and risk management in general are attempted to be solved with a product rather than a program.
Products, while important, are secondary to the processes and procedures in place to protect organizations. So, I would say that for an organization to successfully defend against third-party risk – they must first assess where those vulnerability points lie – and then be proactive in putting internal controls in place that establish collective, organization-wide accountability toward keeping data secure.
Marc: Third-party risk has always existed, and partners and suppliers play a critical role in helping an organization successfully defend against security threats. In our current, highly digital technology environment, assigning dedicated resources to risk management practices in the supply chain is more important than it has been at almost any point in the past.
Given this, I believe the most effective way to protect against third-party risk is to have visibility into your partners and suppliers, what their roles are and what their relationship is to your organization. It is challenging to protect or defend against that which you do not know or understand, so it is important to have a solid understanding of the dependency that exists between third parties and your organization. An incident response plan is critical to navigating through any business-impacting event; having a tested and understood strategy can mean the difference between an organization bouncing back from an impacting event or ceasing to exist. That may sound harsh, but it is the reality we live in.
Was there anything that caught your eye?
Marc: With CCPA coming into effect in 2020, and GDPR live, organizations are working towards compliance, safeguarding data and understanding where they may have exposure. I think there are a lot of leaders that are struggling to understand the difference between the PI and PII in their systems, how they can connect the dots between them, and how they can respond to requests from the business and customers around use and exposure. I was pleasantly surprised with some innovative solutions in the identity space and in the data privacy arena.
What was one of your biggest takeaways?
Jason: The race to purchase (or build) a security orchestration tool was definitely top of mind for many of the attendees. From SIEM vendors to firewall vendors, the thought process is simple: how do we enable a security team to be faster and more agile without adding more work to their already full plates? Picking how you want to enable automation and orchestration is no easy task, especially when your network or IT Ops team may already be using an IT automation tool throughout the environment. In my opinion, this is a perfect place for security teams and IT teams to workshop together to discuss how and where automation makes the most sense. There is much to be gained from allowing software to orchestrate playbooks faster than a human ever could. The question that still remains, however, is whether or not security practitioners will actually allow an automation tool to make real-time changes on their production systems.
Want to learn more about how ePlus security solutions can protect your business? E-mail our experts at firstname.lastname@example.org.